1. 12 Oct, 2016 1 commit
  2. 11 Oct, 2016 6 commits
  3. 09 Oct, 2016 4 commits
  4. 06 Oct, 2016 22 commits
  5. 05 Oct, 2016 5 commits
  6. 04 Oct, 2016 2 commits
    • anonym's avatar
      Leverage AppArmor's in-kernel solution for determining executable paths. · ec31cf6f
      anonym authored
      Using /proc/pid/cmdline is not secure since it can be trivially set
      with, for instance:
      
          exec -a "pwned" sh -c 'cat /proc/$$/cmdline'
      
      The /proc/pid/exe symlink is not good enough for scripts (since it will
      point to the interpreter, not the script) so let's instead use
      AppArmor's in-kernel solution for determining executable paths. We
      fallback to /proc/pid/exe for unconfined processes, which leaves us with
      only unconfined scripts not being supported by tor-controlport-filter.
      However, profiles in complain mode is still good enough, so a trivial
      stub profile in complain mode is enough, which is exactly what we do for
      onionshare and onioncircuits.
      ec31cf6f
    • bertagaz's avatar
      82e9ad4c